How to Create New Target Application ID in Secure Store Service for BCS in SharePoint 2016?

When you want to consume external data in SharePoint, such as data from your other business applications, you can use Business Connectivity Services (BCS) together with Secure Store Service. The external data source that you can connect to is called a Secure Store Target Application. BCS makes it possible for you to set up a connection to the Target Application, and the Secure Store enables you to manage the credentials required by the external data source.

Before proceeding, You have created and configured the Secure store service application and generated the master key from SharePoint 2013/2016 Central Administration site, isn’t it? If not, Refer to:

Now you are all set to create new Target Applications and use them in SharePoint. Here you go!

How to Create New Target Application ID?

Here are the steps to add a new Target Application ID in SharePoint 2016 Secure store Service:

  1. Go to SharePoint Central Administration site >> Click on “Manage Service Applications”
  2. Locate and pick your Secure store service application
  3. In the Ribbon, Under the Edit tab click on New button
    Create Target Application ID in Secure Store Service for BCS
  4. Enter the Target Application ID (Make sure the ID is unique – and you can’t change it later), Display Name, Contact E-Mail. Choose the application type – Group: Maps group of users to a single set of stored credentials Individual: Maps a single user to a single set of stored credentials. Click Next.
    sharepoint secure store application id
  5. The following window allows you to Add/Change credential fields associated with the external data source. In my case, I left it with Windows User Name and Windows Password fields, as they are sufficient to connect with the SQL Server database using windows credentials. Click on Next. Select “User Name” and “Password” in the Field type dropdown if you want to use SQL authentication.
    sharepoint secure store application id 2013
  6. Enter the name(s) of the users that will administer the target application and Group who will use the target application and click OK
    sharepoint 2013 secure store target application type

Now we have successfully created a target application.

Set up Credentials for New Target Application ID:

The next step is to set the credentials for the target application ID.

  1. Click on Context menu of newly created Target Application Id and choose Set Credential
    sharepoint 2016 create secure store application id
  2. Enter the User Name and Password & Confirm Password which will be used to connect to the target data source on behalf of authorized users and click on OK to complete the creation of a secure store target application ID. Make sure this access account (In my case its: Crescent\DBAccess) have proper rights on the external database for the operation such as Read/Write.
    sharepoint designer secure store application id

Now All users of the given group can use the Application ID to connect with external data sources with the application ID generated! Once the target application is created in Secure store service, you can associate it with any application to interact with the external database or application model, such as SharePoint Designer, Excel, etc.

Salaudeen Rajack

Salaudeen Rajack - Information Technology Expert with Two decades of hands-on experience, specializing in SharePoint, PowerShell, Microsoft 365, and related products. Passionate about sharing the deep technical knowledge and experience to help others, through the real-world articles!

One thought on “How to Create New Target Application ID in Secure Store Service for BCS in SharePoint 2016?

  • Hi, I follow ur sharepoint online related content. Those r very helpful. Actually, I created office 365 free account and using sharepoint online. But while creating new target application in secure store, I am getting error as Application server does not have the latest key. Please guide me for this.


Leave a Reply

Your email address will not be published. Required fields are marked *